CVE-2024-47866
- Source
- https://cve.org/CVERecord?id=CVE-2024-47866
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47866.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-47866
- Aliases
-
- GHSA-mgrm-g92q-f8h8
- Downstream
- Related
- Published
- 2025-11-12T18:28:18.545Z
- Modified
- 2026-02-04T04:07:43.164336Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- RGW DoS attack with empty HTTP header in S3 object copy
- Details
-
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument
x-amz-copy-sourceto put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist. - Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47866.json", "cwe_ids": [ "CWE-20" ] }- References